David Pitner and Jared Reagan have filed the suit that says the technique allowed the defendants to tap users’ browsers to see what porn sites they visit by exploiting a Javascript security flaw.
The breach works through a user's browser by checking if previously visited links change to the color purple.
Reports last week exposed the security flaw citing a UC San Diego academic paper published a few months back that cited YouPorn, YouPornGay.com and YouPornCocks as the top history-sniffing sites.
The court papers filed in the Central District of California accuse the YouPorn sites of “impermissibly accessing [users'] browsing history” and seeks class-action status. The lawsuit alleges that the site broke California computer and consumer protection laws, as well as “violat[ed] Plaintiffs’ privacy interests.”
The suit further states that YouPorn employed deceptive practices by hiding its “history-sniffing” or “history-hijacking” in its source code with simple cryptography.
“The YouPorn sites promote themselves as vehicles to obtain and share free pornographic media and make content generated by third-parties available to their viewers… Visitors to the website can also ‘rate’ the content they view on a scale of 1 through 5,” the complaint says. “The YouPorn sites do not mention this [history-sniffing] process at all in their terms and conditions.”
YouPorn has reportedly removed the history-sniffing code from its website after stories broke last week revealing the practice.
